Language Selection

English French German Italian Portuguese Spanish

Unpatched Firefox flaw may expose users

Filed under
Moz/FF
Security

A new, unpatched flaw in that affects all versions of Firefox could let attackers surreptitiously run malicious code on users' PCs, a security researcher has warned.

The problem lies in the way Firefox handles Web links that are overly long and contain dashes, security researcher Tom Ferris said in an interview via instant messaging late Thursday.

He posted an advisory and a proof of concept to the Full Disclosure security mailing list and to his Security Protocols Web site.

The security vulnerability is a buffer overflow flaw that "allows for an attacker to remotely execute arbitrary code" on a vulnerable PC, Ferris said. An attacker could host a Web site containing the malicious code to exploit the flaw, he said. Though his proof of concept only crashes Firefox, Ferris claims he has been able to tweak it to run code.

Severity:
Critical

Vendor:
Mozilla

Versions Affected:
Firefox Win32 1.0.6 and prior
Firefox Linux 1.0.6 and prior
Firefox 1.5 Beta 1 (Deer Park Alpha 2)

Full Story.

More in Tux Machines

Asian Penguins turn failed program into a Linux success

The Community School of Excellence (CSE) Asian Penguins are the world's first and only Linux user group based in a Hmong charter school. A failed Windows laptop program at the school was turned by the Asian Penguins into a Linux success. Stu Keroff is the technology coordinator at the Community School of Excellence, a middle school located in St. Paul, Minnesota. He is a licensed elementary education and middle school social studies teacher, and a long-time Linux enthusiast. Stu founded and advises the Asian Penguins. Read more

Testing The BCache SSD Cache For HDDs On Linux 4.8

It has been over one year since last testing the mainline Linux kernel's BCache support for this block cache that allows solid-state drives to act as a cache for slower hard disk drives. Here are some fresh benchmarks of a SATA 3.0 SSD+HDD with BCache from the Linux 4.8 Git kernel. Read more

Debian Project mourns the loss of Kristoffer H. Rose

Kristoffer was a Debian contributor from the very early days of the project, and the upstream author of several packages that are still in the Debian archive nowadays, such as the LaTeX package Xy-pic and FlexML. On his return to the project after several years' absence, many of us had the pleasure of meeting Kristoffer during DebConf15 in Heidelberg. Read more

Linux Users v Windows Users, Debian Mourns Another

The Debian project today shared the news of the passing of a long time contributor on September 17. In other news, the Linux Journal offered a free digital copy of their September 2016 magazine. Bruce Byfield compared Linux users to Windows users and My Linux Rig spoke to elementary OS founder Daniel Foré about his "Linux Setup." Read more